Export (0) Print
Expand All

ISessionIDManager Interface

Defines the contract that a custom session-state identifier manager must implement.

Namespace:  System.Web.SessionState
Assembly:  System.Web (in System.Web.dll)

public interface ISessionIDManager

The ISessionIDManager type exposes the following members.

  NameDescription
Public methodCreateSessionIDCreates a unique session identifier.
Public methodGetSessionIDGets the session identifier from the context of the current HTTP request.
Public methodInitializeInitializes the SessionIDManager object.
Public methodInitializeRequestPerforms per-request initialization of the SessionIDManager object.
Public methodRemoveSessionIDDeletes the session identifier from the cookie or from the URL.
Public methodSaveSessionIDSaves a newly created session identifier to the HTTP response.
Public methodValidateConfirms that the supplied session identifier is valid.
Top

The ISessionIDManager interface identifies the methods that you must implement to create a custom manager for session-identifier values. An ISessionIDManager interface implementation creates and validates session-identifier values, and manages the storage of a session identifier in the HTTP response as well as the retrieval of a session-identifier value from the HTTP request. You enable the custom session-ID manager using the sessionIDManagerType attribute of the sessionState Element (ASP.NET Settings Schema) configuration element.

If your ISessionIDManager interface implementation will support cookieless session identifiers, you will need to implement a solution for sending and retrieving session identifiers in the URL, such as an ISAPI filter.

If you only want to supply custom session-identifier values to be used by ASP.NET session state, you can create a class that inherits the SessionIDManager class and override only the CreateSessionID and Validate methods with your own custom implementation. This enables you to supply your own session-identifier values, while relying on the base SessionIDManager class to store values to the HTTP response and retrieve values from the HTTP request. For an example of overriding the SessionIDManager class and implementing these methods, see the example provided for the CreateSessionID method of the SessionIDManager class.

The following code example shows a class that implements a cookie-based session-ID manager.

using System;
using System.Configuration;
using System.Web.Configuration;
using System.Web;
using System.Web.SessionState;


namespace Samples.AspNet.Session
{

  public class MySessionIDManager : IHttpModule, ISessionIDManager
  {

    private SessionStateSection pConfig = null;


    // 
    // IHttpModule Members 
    // 


    // 
    // IHttpModule.Init 
    // 

    public void Init(HttpApplication app)
    {
      // Obtain session-state configuration settings. 

      if (pConfig == null)
      {
        Configuration cfg =
          WebConfigurationManager.OpenWebConfiguration(System.Web.Hosting.HostingEnvironment.ApplicationVirtualPath);
        pConfig = (SessionStateSection)cfg.GetSection("system.web/sessionState");
      }
    }


    // 
    // IHttpModule.Dispose 
    // 

    public void Dispose()
    {
    }




    // 
    // ISessionIDManager Members 
    // 




    // 
    // ISessionIDManager.Initialize 
    // 

    public void Initialize()
    {
    }


    // 
    // ISessionIDManager.InitializeRequest 
    // 

    public bool InitializeRequest(HttpContext context, 
                                  bool suppressAutoDetectRedirect, 
                                  out bool supportSessionIDReissue)
    {
      if (pConfig.Cookieless == HttpCookieMode.UseCookies)
      {
        supportSessionIDReissue = false;
        return false;
      }
      else
      {
        supportSessionIDReissue = true;
        return context.Response.IsRequestBeingRedirected;
      }
    }




    // 
    // ISessionIDManager.GetSessionID 
    // 
    public string GetSessionID(HttpContext context)
    {
      string id = null;

      if (pConfig.Cookieless == HttpCookieMode.UseUri)
      {
        // Retrieve the SessionID from the URI.
      }
      else
      {
        id = context.Request.Cookies[pConfig.CookieName].Value;
      }      

      // Verify that the retrieved SessionID is valid. If not, return null. 

      if (!Validate(id))
        id = null;

      return id;
    }

    // 
    // ISessionIDManager.CreateSessionID 
    // 

    public string CreateSessionID(HttpContext context)
    {
      return Guid.NewGuid().ToString();
    }

    // 
    // ISessionIDManager.RemoveSessionID 
    // 

    public void RemoveSessionID(HttpContext context)
    {
      context.Response.Cookies.Remove(pConfig.CookieName);
    }


    // 
    // ISessionIDManager.SaveSessionID 
    // 

    public void SaveSessionID(HttpContext context, string id, out bool redirected, out bool cookieAdded)
    {
      redirected = false;
      cookieAdded = false;

      if (pConfig.Cookieless == HttpCookieMode.UseUri)
      {
        // Add the SessionID to the URI. Set the redirected variable as appropriate.

        redirected = true;
        return;
      }
      else
      {
        context.Response.Cookies.Add(new HttpCookie(pConfig.CookieName, id));
        cookieAdded = true;
      }
    }


    // 
    // ISessionIDManager.Validate 
    // 

    public bool Validate(string id)
    {
      try
      {
        Guid testGuid = new Guid(id);

        if (id == testGuid.ToString())
          return true;
      }
      catch
      {
      }

      return false;
    }
  }
}

.NET Framework

Supported in: 4.5, 4, 3.5, 3.0, 2.0

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Show:
© 2014 Microsoft